Make our public KEYS available for auto-checkers run by Apache infrastructure
-----------------------------------------------------------------------------
Key: UIMA-1101
URL: https://issues.apache.org/jira/browse/UIMA-1101
Project: UIMA
Issue Type: Task
Components: Build, Packaging and Test
Reporter: Marshall Schor
Priority: Minor
The KEYS file is used by an automated process to verify proper signing of all artifacts put
in Maven repositories - see http://people.apache.org/~henkp/repo/faq.html. That FAQ says about
the keys:
The checker looks for keys in the KEYS file in the maven repo and www.apache.org/dist/
* If you key is missing, you should add your public pgp key to an appropriate KEYS file.
* Also, make your public pgp key available in file .pgpkey in your home directory /home/your-username/
on people.apache.org ; make sure the checker can read it : chmod +r .pgpkey
* Look at /home/henkp/.pgpkey for an example.
* Never, never store your private pgp key on people.apache.org
The KEYS files seems (on inspection) rarely put into the Maven repository - so I think we
should skip that part. The file that most likely really needs updating is the one or www.apache.org/dist
- it's missing the recent upates that were done in our SVN keys file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|